project-health-auditor

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute standard development and auditing commands, including cloc, npm audit, npm outdated, and pytest. These operations are well-aligned with the skill's stated purpose of auditing project health.
  • [DATA_EXFILTRATION]: The skill includes instructions to search for potential secrets (e.g., passwords, API keys, and tokens) within the codebase using grep. This is a legitimate diagnostic function for a security audit tool, and no instructions to exfiltrate or transmit discovered data were found.
  • [PROMPT_INJECTION]: As the skill processes external codebase content (e.g., reading files and tool outputs), it is theoretically susceptible to indirect prompt injection where malicious content in comments or strings could influence the agent's report. However, this is a standard risk for any tool that interprets untrusted code and is not a flaw in the skill's own logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 03:58 PM
Security Audit — agent-trust-hub — project-health-auditor